Management Patents (Class 726/6)
-
Patent number: 8484705
Abstract: A method for installing authentication credentials on a remote network device. A remote network device without valid authentication credentials may be connected to a port of an authenticating network switch, and the authentication protocols of the port may be enabled. A Network Access Control (NAC) credential service validates the remote network device by comparing a received remote device identifier against a previously stored remote device identifier. The received remote device identifier may be received from the remote network device using a network when the remote network device attempts to access a private network. The NAC credential service disables the authentication protocols of the port in response to validating the received remote device identifier. The NAC credential service installs authentication credentials on the remote network device using encrypted data, so an untrusted entity cannot view the authentication credentials.
Type: Grant
Filed: September 5, 2008
Date of Patent: July 9, 2013
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Sally Blue Hoppe, Jim Harritt, Matt Torres
-
Patent number: 8484706
Abstract: A server transmits a message from a sender to a recipient. The server receives from the recipient an attachment relating to the message route between the server and the recipient. The server transmits to the sender the message and the attachment and their encrypted digital fingerprints and expunges the transmitted information. To subsequently authenticate the message and the attachment, the sender transmits to the server what the server has previously transmitted to the sender. The server then prepares a digital fingerprint of the message and decrypts the encrypted digital fingerprint of the message and compares these digital fingerprints to authenticate the message. The server performs the same routine with the attachment and the encrypted digital fingerprint of the attachment to authenticate the attachment. The recipient replies to the sender's message through the server. The server records proof of the delivery and content of the reply to the sender and the recipient.
Type: Grant
Filed: April 26, 2010
Date of Patent: July 9, 2013
Assignee: Rpost Communications Limited
Inventor: Terrance A. Tomkow
-
Patent number: 8484704
Abstract: The present invention provides mechanisms for sharing user information, including user authentication information, across communication networks and more specifically across networks separated by one or more Session Border Controllers (SBCs). The authentication of a user at one network can be leveraged by the second network to invoke one or more applications at the second network in connection with administering a communication session for the user.
Type: Grant
Filed: February 5, 2010
Date of Patent: July 9, 2013
Assignee: Avaya Inc.
Inventors: David L. Chavez, Larry J. Hardouin, Gregory D. Weber
-
Patent number: 8484707
Abstract: A method for granting secure network access comprising requesting, by a mobile device, access to a network via an access point; receiving a passcode from the access point; sending a message including the passcode and an indicia back to the access point; and generating, by the access point, a secure key based on the indicia, the secure key providing network access to the mobile device.
Type: Grant
Filed: June 9, 2011
Date of Patent: July 9, 2013
Assignee: Sprint Communications Company L.P.
Inventors: Lyle T. Bertz, Robert H. Burcham, Jason R. Delker
-
Patent number: 8484711
Abstract: System and method configured to provide an access management system configuration that provides the benefits of single sign-on while reducing internal hardware and administration maintenance costs. The system is reconfigured to provide an access control module that directs authentication network traffic such that access management agents are not required to be installed on the application server for each protected application. The system provides a redirection of a login request from the application server to an external security gateway that authenticates the user via policy and sends authenticated user credentials on a back channel to the access control module to obtain a session cookie which is redirected back to the user so the user can establish a session with the application. The solution reduces the plethora of agents to be maintained and upgraded in order to remain compatible with the evolving hosting software, reducing both hardware and administration maintenance costs.
Type: Grant
Filed: October 31, 2012
Date of Patent: July 9, 2013
Assignee: FMR LLC
Inventors: Michael Timothy Coletta, Kevin W. Park, Jon Alexander Lenzer
-
Publication number: 20130174226
Abstract: Leveraging a persistent connection to provide a client access to a secured service may include establishing a persistent connection with a client in response to a first request from the client, and brokering a connection between the client and a secured service based on a second request from the client by leveraging the persistent connection with the client. The brokering may occur before the client attempts to connect to the secured service directly and the connection may be established between the client and the secured service without provision by the client of authentication information duplicative or additional to authentication information provided by the client to establish the persistent connection.
Type: Application
Filed: September 15, 2012
Publication date: July 4, 2013
Inventor: Robert Bruce HIRSH
-
Publication number: 20130174235
Abstract: A method, system and computer readable media for dynamically updating current communication information, for enabling access to current communication based upon biometric information and/or for allowing communication information to be associated with biometric information and then allowing this communication information to be provided to desired recipients.
Type: Application
Filed: January 3, 2012
Publication date: July 4, 2013
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Sarbajit K. Rakshit, Shawn K. Sremaniak, Thomas S. Mazzeo, Barry A. Kritt
-
Publication number: 20130174236
Abstract: An exemplary password recovery method is applied on a server. The server is connected to one user terminal. The server stores email addresses and email boxes associated with the corresponding email address. Each email box includes emails sent to each corresponding email address. Each email may be a registration email that includes a website and a username. The method receives a password recovery request for a submitted email address of a user, and determines whether there is a registration email in the email box. If yes, the method obtains the website and the username. The method then controls the user terminal to display the prompt information corresponding to the obtained website. Further, the method receives the input username, and determines whether the input username matches the obtained username. If yes, the method generates a new email password, and controls the user terminal to display the new email password.
Type: Application
Filed: March 20, 2012
Publication date: July 4, 2013
Applicants: HON HAI PRECISION INDUSTRY CO., LTD., FU TAI HUA INDUSTRY (SHENZHEN) CO., LTD.
Inventor: QIANG YOU
-
Publication number: 20130174234
Abstract: Aspects of the subject matter described herein relate to credential synchronization. In aspects, an entity may have access to resources on two or more systems. After the entity's credentials are changed on a first system, the first system updates the credentials on a second system so that the entity can access resources on the second system using the new credentials. The first system maintains a mapping data structure that maps between the credentials data of the two systems. The first system may obtain credential requirements from the second system and provide these requirements in conjunction with receiving a request to change credentials so that a user changing the credentials may satisfy both systems.
Type: Application
Filed: December 28, 2011
Publication date: July 4, 2013
Applicant: Microsoft Corporation
Inventors: Jingsheng Yang, Hui Shao, Rong Yu
-
Patent number: 8477916
Abstract: Methods and systems of authorizing a user of a first packet-based communication network to access a second packet-based communication network are disclosed. A call setup request is received from a user terminal of the user at a first network element of the first packet-based communication network, the authorization request comprising a first user identity. Responsive to the call setup request, a request is transmitted to create a second user identity from the first network element to a second network element of the second packet-based communication network. The second network element creates the second user identity for use in the second packet-based communication network. The second user identity is derivable from the first user identity according to a predetermined rule. The second user identity is stored in the second packet-based communication network for use with establishing a call associated with the call setup request over the second packet-based communication network.
Type: Grant
Filed: April 19, 2012
Date of Patent: July 2, 2013
Assignee: Microsoft Corporation
Inventors: Jonathan David Rosenberg, Andres Kutt
-
Patent number: 8479269
Abstract: Methods and systems are disclosed for reducing a number of unauthorized wireless communication devices (WCDs) using a femtocell. A femtocell may transmit a pilot beacon on a macro-network carrier, and may transmit one or more overhead channels on a femtocell carrier. Subsequently, the femtocell may receive a registration request from a WCD. The femtocell may then determine whether the WCD is authorized to receive wireless services from the femtocell, and if it is not so authorized, the femtocell may, during a subsequent slot associated with the unauthorized WCD in a periodically recurring slot cycle, responsively disable at least one of (i) its pilot channel and (ii) one or more of its overhead channels. As a result of the disabling, the unauthorized WCD may move away from the femtocell, perhaps handing off to the macro network.
Type: Grant
Filed: April 13, 2010
Date of Patent: July 2, 2013
Assignee: Sprint Spectrum L.P.
Inventors: Muralidhar Malreddy, Ryan S. Talley, Rajveen Narendran
-
Patent number: 8479261
Abstract: A method and circuit for implementing electronic chip identification (ECID) exchange for network security in an interconnect system, and a design structure on which the subject circuit resides are provided. Each interconnect chip includes an ECID for the interconnect chip, each ECID is unique and is permanently stored on each interconnect chip. Each interconnect chip sends predefined exchange identification (EXID) messages including the ECID across links to other interconnect chips in the interconnect system. Each interconnect chip compares a received EXID with a system list for the interconnect system to verify validity of the sending interconnect chip.
Type: Grant
Filed: May 13, 2010
Date of Patent: July 2, 2013
Assignee: International Business Machines Corporation
Inventors: Marcy E. Byers, William T. Flynn, Kenneth M. Valk
-
Patent number: 8477341
Abstract: A printing apparatus is configured to perform printing in accordance with a print job and in accordance with a schedule registered before the printing. The printing apparatus includes an authority setting unit configured to, if authority of a user for the print job is authorized, set the authority of the user for the print job; a determination unit configured to, if a command to handle the print job is issued by the user, determine whether the user has the authority to perform the handling based on the authority set by the authority setting unit; and an execution unit configured to, if the determination unit determines that the user has the authority, execute a process according to the handling on the print job.
Type: Grant
Filed: July 25, 2008
Date of Patent: July 2, 2013
Assignee: Canon Kabushiki Kaisha
Inventor: Hayato Matsugashita
-
Patent number: 8479271
Abstract: Mobile network services are performed in a mobile data network in a way that is transparent to most of the existing equipment in the mobile data network. The mobile data network includes a radio access network and a core network. A breakout component in the radio access network breaks out data coming from a basestation, and hosts edge applications, including third party edge applications, that perform one or more mobile network services at the edge of the mobile data network based on the broken out data.
Type: Grant
Filed: December 20, 2011
Date of Patent: July 2, 2013
Assignee: International Business Machines Corporation
Inventors: William F. Berg, Jeremiah D. Carlin, Michael T. Kalmbach, Mark D. Schroeder
-
Publication number: 20130167210
Abstract: Discussed is a method of operating a CPNS (converged personal network service) gateway apparatus. The method includes transmitting a registration request message including user information to a server; transmitting an installation request message including the user information to a terminal; generating first authentication data on the basis of authentication information received by a user input; transmitting a trigger message including the first authentication data to the terminal; receiving a key assignment request message including second authentication data from the terminal in response to the trigger message; transmitting the received key assignment request message to the server; receiving a key assignment response message including a user key for the terminal in response to the key assignment request message; and transmitting the received key assignment response message to the terminal.
Type: Application
Filed: September 28, 2011
Publication date: June 27, 2013
Applicant: LG ELECTRONICS INC.
Inventors: Younsung Chu, Jihye Lee
-
Publication number: 20130167209
Abstract: Systems and methods for managing a user identity on a mobile device are provided. The system comprises the mobile device comprising a user agent and a client application, the user agent and the client application in communication with each other. The system further comprises an identity provider in communication with the mobile device, and a client service in communication with the mobile device. The user agent is configured to communicate with the identity provider and retrieve the user identity for the client application, and the client application is configured to transmit the user identity to the client service.
Type: Application
Filed: December 22, 2011
Publication date: June 27, 2013
Applicant: Research In Motion Limited
Inventors: Brian Everett McBride, Avinash Chidambaram, Jérôme Bertrand Nicolas Cornet
-
Patent number: 8474030
Abstract: A method for authenticating a user by IP address check includes: receiving a URL and a session cookie from a client; determining whether or not an IP address of the client has been changed based on the session cookie; resetting the session cookie, if the IP address has been changed, by adding the changed IP address as a temporary IP address thereto; determining whether or not the URL is required to perform IP address check; requesting a re-login to the client if it is determined that the URL is required to perform IP address check; and adding the temporary IP address to a valid IP address list for the user if the re-login is successful.
Type: Grant
Filed: August 20, 2008
Date of Patent: June 25, 2013
Assignee: NHN Business Platform Corporation
Inventors: Inhyuk Choi, Youngsik Jung, Minchol Song, Jongwon Paek, Haneul Lee, Jungyun Son, Hyoungjun Lee, Sungho Lee, Sanghun Jeon
-
Patent number: 8474024
Abstract: A method and apparatus for restricting a control operation with respect to reproduction of media data so as to commercially implement consumption of the media data, the method and apparatus including: restricting the control operation with respect to reproduction of the media data by using a predetermined Application Programming Interface (API); and reproducing the media data received from a media server, according to the restricted control operation.
Type: Grant
Filed: January 22, 2009
Date of Patent: June 25, 2013
Assignee: Samsung Electronics Co., Ltd.
Inventors: In-Chul Hwang, Ho Jin, Eun-Hee Rhim, Mun-Jo Kim
-
Patent number: 8474021
Abstract: A computer security device comprising a processor that is independent of the host CPU for controlling access between the host CPU and the storage device. A program memory that is independent of the computer memory and the storage device unalterably stores and provides computer programs for operating the processor in a manner so as to control access to the storage device. The security device is connected only in line with the data access channel between the host CPU and the storage device, and off the main data and control bus of the host CPU. All data access by the host CPU to the data storage device is blocked before initialization of the security device and is intercepted immediately after the initialization under the control of the processor. The processor effects independent control of the host CPU and configuration of the computer to prevent unauthorized access to the storage device during the interception phase.
Type: Grant
Filed: June 28, 2002
Date of Patent: June 25, 2013
Assignee: Secure Systems Limited
Inventors: Michael Alfred Hearn, Richard Kabzinski
-
Patent number: 8474023
Abstract: In wireless networking, such as per the IEEE 802.11 standard, a technique automatically republishes an authentication credential to a global credential repository. A station can have a first credential, as is created when the station connects to a first access node of a wireless network. Upon trying and failing to connect to a second access node of the wireless network, the station can have a second credential created and published to the global credential repository. In some situations, the station then roams back to the first access node using the first credential. Efficiently, when the station uses the first credential at the first access node, the first credential can be automatically republished as a global credential. The automatic republishing of the first credential can ensure that the station is able to access the wireless network via various access nodes when roaming.
Type: Grant
Filed: May 30, 2008
Date of Patent: June 25, 2013
Assignee: Juniper Networks, Inc.
Inventors: Vineet Verma, Sudheer Poorna Chandra Matta
-
Patent number: 8474013
Abstract: A method, system or computer usable program product for providing initial access to the computer system in response to a user providing a first password, and upon detecting a condition meeting a predetermined criteria, providing subsequent access to the computer system in response to the user providing a second password wherein the first password has stronger security than the second password.
Type: Grant
Filed: March 29, 2011
Date of Patent: June 25, 2013
Assignee: International Business Machines Corporation
Inventor: James C. Fletcher
-
Patent number: 8472953
Abstract: A mobile terminal transmits a temporary subscriber request message requesting a temporary subscriber registration to a subscriber management server of a core network via a macro base station if camping on a small base station fails, a subscriber management server receives the temporary subscriber request message and transmits the temporary subscriber request message to the small base station if the mobile terminal is registrable as a temporary subscriber of the small base station, and a small base station receives the temporary subscriber request message and determines whether to accept or reject the temporary subscriber registration of the mobile terminal, and transmits, to the subscriber management server or to the mobile terminal, a temporary subscriber response message indicating that the mobile terminal is permitted to be registered as a temporary subscriber if the temporary subscriber registration is accepted.
Type: Grant
Filed: January 28, 2011
Date of Patent: June 25, 2013
Assignee: Pantech Co., Ltd.
Inventor: Ju Hyun Lee
-
Patent number: 8474022
Abstract: A self-service system and method for credential reset permits an administrator to customize policies for credential reset based on any user or group of users. Administrators may choose to set a more stringent policy for credential reset for users or groups that have higher-level permissions to access sensitive information within the resource protected by the credential. Customizable, plug-in gates are provided to permit administrators fine grained control over reset policy definition. When the user initiates a credential reset, the reset policy applicable to that user is invoked, and the user is presented with gates to pass pursuant to the applicable reset policy. The user's responses are compared to responses presented by the user at registration. If the responses meet the reset policy's threshold for accuracy, the user is permitted to reset the credential.
Type: Grant
Filed: June 15, 2007
Date of Patent: June 25, 2013
Assignee: Microsoft Corporation
Inventors: Sorin Iftimie, Ikrima Elhassan, Bruce P. Bequette
-
Patent number: 8474031
Abstract: A method of controlling access to computing resources, comprising providing a first computing device with access to a database containing data indicative of computing resources access to which is controlled by the first computing device and a minimum security capability that a second computing device must possess to access the respective resources, assigning the second computing device a security capability, providing the second computing device with data indicative of the security capability, configuring the first computing device to respond to data indicative of the security capability and data indicative of a desired access from the second computing device by ascertaining the minimum required security capability corresponding to the desired access and by comparing the minimum required security capability with the security capability of the second computing device, and providing the desired access if the security capability of the second computing device meets the minimum security capability for the desired
Type: Grant
Filed: June 28, 2005
Date of Patent: June 25, 2013
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Ravigopal Vennelakanti, Savio Fernandes
-
Publication number: 20130160098
Abstract: Embodiments of the invention are directed to human challenge response test delivery systems and methods. Specifically, embodiments of the present invention are directed to secure human challenge response test delivery services of configurable difficulty for user devices. One embodiment of the present invention is directed to methods and systems for implementing a familiar and dynamic human challenge response test challenge repository created from transaction data. The dynamic human challenge response test challenge repository may be created by a server computer receiving a plurality of transaction data. Challenge items may be extracted from the transaction data using an extraction algorithm. Furthermore, in some embodiments a challenge message may be sent to a requestor, a verification request may be received, and the verification request may be compared to the challenge message.
Type: Application
Filed: December 20, 2012
Publication date: June 20, 2013
Inventors: Mark Carlson, Shalini Mayor
-
Publication number: 20130160097
Abstract: A mechanism is provided for providing temporary generated codes by a server. Responsive to triplet authentication of a device to service provider network, a server receives an initial code from the device to request a temporary generated code. The server verifies the triplet authentication of device. The server determines whether there is a user account match to the initial code. The server determines a corresponding application server based on the initial code and the user account match. The server generates a temporary generated code to access the application server. The temporary generated code is transmitted to both the application server and the communication device, is set to expire at a preset time, is generated to allow the user access to a single session on the application server, and is generated to expire after the temporary generated code is input to access the single session on application server.
Type: Application
Filed: December 17, 2012
Publication date: June 20, 2013
Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventor: AT&T Intellectual Property I, L.P.
-
Patent number: 8468583
Abstract: The enrollment process for purchasing multiple digital certificates configured using different cryptographic algorithms or hashing algorithms is streamlined. A certificate purchaser wishing to purchase two or more certificates is prompted to provide answers to common enrollment questions, such as the purchaser's contact information, payment details, web server software, and the like, using a simplified and streamlined enrollment process. Each certificate is optionally configured using a different hashing algorithm.
Type: Grant
Filed: February 23, 2010
Date of Patent: June 18, 2013
Assignee: Symantec Corporation
Inventor: Richard F. Andrews
-
Patent number: 8468576
Abstract: A selector daemon can run in the background of a computer. Applications that are capable of processing information cards directly, without requiring the use of a card selector, can request the selector daemon to list information cards that satisfy security policy. Upon receiving such a request, selector daemon can determine the information cards available on the computer that satisfy the security policy, and can identify these information cards to the requesting application. The applications can then use the identified information cards in any manner desired, without having to use a card selector: for example, by requesting a security token based on one of the information cards directly from an identity provider.
Type: Grant
Filed: October 1, 2008
Date of Patent: June 18, 2013
Assignee: Apple Inc.
Inventors: Thomas E. Doman, Duane F. Buss, Daniel S. Sanders, Andrew A. Hodgkinson, James G. Sermersheim, James M. Norman
-
Patent number: 8468594
Abstract: The present invention discloses methods, media, and systems for handling hard-coded credentials, the system including: an interception module configured for: intercepting credential usage upon receiving an application request for application credentials in order to provide access to a host application; a configuration/settings module configured for reading system configurations and settings for handling the application credentials; a credential-mapping module configured for: applying appropriate credential-mapping logic based on the system configurations and settings; and upon determining that the application credentials need to be replaced, obtaining appropriate credentials from a secured storage.
Type: Grant
Filed: February 12, 2008
Date of Patent: June 18, 2013
Assignee: Cyber-Ark Software Ltd
Inventors: Yair Sade, Roy Adar
-
Patent number: 8468361
Abstract: A secure processor such as a TPM generates one-time-passwords used to authenticate a communication device to a service provider. In some embodiments the TPM maintains one-time-password data and performs the one-time-password algorithm within a secure boundary associated with the TPM. In some embodiments the TPM generates one-time-password data structures and associated parent keys and manages the parent keys in the same manner it manages standard TPM keys.
Type: Grant
Filed: September 21, 2006
Date of Patent: June 18, 2013
Assignee: Broadcom Corporation
Inventors: Mark Buer, Douglas Allen
-
Patent number: 8468596
Abstract: To provide a work support apparatus capable of allowing an operator to safely and easily perform work requiring all or a part of a privilege, and concisely confirming the contents of the work later, a work support apparatus 100 includes: an application processing unit 101 for accepting a work application; an approval processing unit 102 for performing an approving process; a work monitoring unit 103 for controlling and monitoring an operation from the operator terminal 111; an approval number collecting unit 104 for collecting information relating to an unnecessary approval number; an approval number management information storage unit 105 for storing approval number management information; and an operation log storage unit 106 for storing an operation log.
Type: Grant
Filed: March 23, 2009
Date of Patent: June 18, 2013
Assignee: Fujitsu Limited
Inventors: Makoto Shimosaki, Seiji Endou, Taisuke Aizawa
-
Patent number: 8468593
Abstract: In one embodiment, a plurality of electronic devices participating in a data collaboration session are detected. A group, of a plurality of groups, is determined to which each of the plurality of electronic devices is associated. At least some of the groups correspond to companies. Based on the determined group to which each of the plurality of electronic devices is associated, one or more limitations are identified that restrict the recording of data shared during the data collaboration session. The identified one or more limitations are enforced on only some of the plurality of electronic devices participating in the data collaboration session, such that electronic devices associated with a group that corresponds to the first company are allowed to record the data collaboration session, yet an electronic device associated with a group that corresponds to a second company is prevented from recording the data collaboration session.
Type: Grant
Filed: June 14, 2011
Date of Patent: June 18, 2013
Assignee: Cisco Technology, Inc.
Inventors: Jeff Roberts, Linda Wu, Henry Nothhaft, Jr.
-
Publication number: 20130152179
Abstract: A system for user authentication using OTIDs (one-time identifications), includes a client terminal configured to generate n number of OTIDs which is used in the user authentication, and sequentially select one of the generated n number of OTIDs to use the selected OTID as a user identification in each authentication session. Further, the system includes an authentication server configured to receive the generated n number of OTIDs from the client terminal to store same, when the one OTID selected from the n number of OTIDs and a secret key are transmitted, inquire the OTID in a DB (database), and determine whether a secret key which is associated with the inquired OTID and stored in the DB and the received secret key are matched to perform the user authentication.
Type: Application
Filed: November 14, 2012
Publication date: June 13, 2013
Applicant: Electronics and Telecommunications Research Institute
Inventor: Electronics and Telecommunications Research
-
Publication number: 20130152178
Abstract: A device receives enterprise information associated with enterprises supported by a network, and determines enterprise identifiers for one or more enterprises identified in the enterprise information. The device also receives information associated with devices and subscribers of the network, and determines security key parameters based on the information associated with the devices and the subscribers of the network. The device further generates, based on the security key parameters, a security key for each of the enterprise identifiers.
Type: Application
Filed: August 27, 2012
Publication date: June 13, 2013
Applicant: VERIZON PATENT AND LICENSING INC.
Inventors: William C. KING, Lawrence S. RYBAR, Bjorn HJELM, Xuming CHEN, Kwai Y. LEE
-
Publication number: 20130152180
Abstract: A DRM client on a device establishes trust with a DRM server for playback of digital content. The client executes in a secure execution environment, and the process includes (1) securely loading loader code from secure programmable memory and verifying it using a digital signature scheme and first key securely stored in the device; (2) by the verified loader code, loading DRM client code from the memory and verifying it using a digital signature scheme and second key included in the loader code; (3) by the verified DRM client code (a) obtaining a domain key from the memory; (b) encrypting the domain key with a device identifier using a DRM system key included in the DRM client code; and (c) sending the encrypted domain key and device identifier to the DRM server, whereby the device becomes registered to receive content licenses via secure communications encrypted using the domain key.
Type: Application
Filed: December 7, 2012
Publication date: June 13, 2013
Applicant: AZUKI SYSTEMS, INC.
Inventor: AZUKI SYSTEMS, INC.
-
Patent number: 8464359 Abstract: A system and method for determining the status of an authorization device over a network. Output signals indicative of the status of the authorization device are stored in a status file. An authorization datastore accesses the status file over the first network and obtains the status of the authorization device. A determination is made from the user identifier if the user is authorized to use the controlled device. Permission is granted to the user to use the controlled device if the user is determined to be authorized to use the controlled device. Type: Grant Filed: November 16, 2005 Date of Patent: June 11, 2013 Assignee: Intellectual Ventures Fund 30, LLC Inventors: Elliott D. Light, Jon L. Roberts
-
Patent number: 8464066 Abstract: A system and method for storing segments of multimedia data with other users. A user selects a segment of data from the multimedia data by activating a user interface control. Prior to sharing the data segment, however, permission to share a data segment from such multimedia is determined based on various types of metadata. In another embodiment, data segments may be shared in accordance with an affiliate program under which affiliate users may earn benefits for sharing data segments with others. Type: Grant Filed: June 30, 2006 Date of Patent: June 11, 2013 Assignee: Amazon Technologies, Inc. Inventors: Roy F. Price, Ameesh Paleja
-
Patent number: 8464313 Abstract: In one embodiment, a method includes defining a request for confidential information from a domain of confidential information based on an input from a relying entity. The domain of confidential information can be associated with a subject entity. A response to the request can be defined at an information provider. The method can also include sending the response to the relying entity when the response has been approved by the subject entity. Type: Grant Filed: November 10, 2008 Date of Patent: June 11, 2013 Inventor: Jeff Stollman
-
Patent number: 8464055 Abstract: Provided are a method and apparatus for ensuring communication security between a control apparatus and a controlled apparatus in a home network. The control apparatus in the home network establishes a registration Secure Authenticated Channel (SAC) with the controlled apparatus by using a Transport Layer Security Pre-Shared Key ciphersuites (TLS-PSK) protocol implemented by using a Product Identification Number (PIN) of the controlled apparatus input from a user, shares a private key with the controlled apparatus via the registration SAC, and uses services of the controlled apparatus via a service SAC established by using the TLS-PSK protocol implemented by using the shared private key to easily implement a framework ensuring communication security in the home network. Type: Grant Filed: January 30, 2009 Date of Patent: June 11, 2013 Assignee: Samsung Electronics Co., Ltd. Inventors: Hyoung-shick Kim, Joo-yeol Lee
-
Patent number: 8464339 Abstract: A method and system is provided to authorize a user to access in a service of higher trust level. The method includes the steps of defining first password, assigning a second password to a user, generating a value for each constituent of second password on operating an exclusivity relationship, calculating the score for the second password on summing the generating value, combining trust levels of multiple users to attain a higher trust level in aggregate, and obtaining access in a service if the aggregated trust level of users are equal to or more than the predetermined trust level of the service. The present technique provides flexibility of authenticating and authorizing a user to access in a service to perform desirable functions thereon. The present technique eliminates the requirement of tokens, pins, dongles etc. while attaining a higher trust level to perform a task which belongs to a higher trust level. Type: Grant Filed: August 12, 2009 Date of Patent: June 11, 2013 Assignee: Infosys Technologies Limited Inventors: Tiruvengalam Kanduri, Ashutosh Saxena
-
Publication number: 20130145445 Abstract: In accordance with embodiments, there are provided mechanisms and methods for facilitating dynamic and continuous testing of security assertion markup language (SAML) credentials in an on-demand services environment. In one embodiment and by way of example, a method includes identifying, at a computing device, an organization using a SAML process in an on-demand service environment, obtaining SAML credentials relating to the identified organization, and testing the SAML credentials relating to the identified organization. The testing includes asserting a set of test credentials against the SAML credentials relating to the identified organization. The method may further include generating one or more new codes based on testing results obtained from testing. Type: Application Filed: July 18, 2012 Publication date: June 6, 2013 Applicant: salesforce.com, inc. Inventor: Jong LEE
-
Publication number: 20130145446 Abstract: A system for authenticating a user to a service includes a service, an authentication server and a device. The service includes first signal interface, first processing hardware and first user interface. The authentication server includes second signal interface and second processing hardware. First signal interface transmits a request to the authentication server to authenticate a user. Second processing hardware creates a session identifier and encodes it into a pictogram. Second signal interface transmits the pictogram to the service. The device includes third processing hardware that scans the pictogram and extracts the session identifier, and a third signal interface that transmits the credentials and the session identifier to the authentication server. Second processing hardware verifies the credentials, and second signal interface securely transmits the result of the authentication to the service. Type: Application Filed: November 30, 2012 Publication date: June 6, 2013 Inventors: Gregory Dorso, Rachad Alao
-
Publication number: 20130145447 Abstract: Methods and systems are provided for secure online data access. In one embodiment, three levels of security are provided where user master passwords are not required at a server. A user device may register with a storage service and receive a user device key that is stored on the device and at the service. The user device key may be used to authenticate the user device with the storage service. As data in the storage service is encrypted with a master password, the data may be protected from disclosure. As a user master key or derivative thereof is not used in authentication, the data may be protected from a disclosure or breach of the authentication credentials. Encryption and decryption may thus be performed on the user device with a user master key that may not be disclosed externally from the user device. Type: Application Filed: December 3, 2012 Publication date: June 6, 2013 Applicant: Dashlane SAS Inventor: Dashlane SAS
-
Publication number: 20130144976 Abstract: Disclosed herein are systems and methods for facilitating the usage of an online workforce to remotely monitor security-sensitive sites and report potential security breaches. In some embodiments, cameras are configured to monitor critical civilian infrastructure, such as water supplies and nuclear reactors. The cameras are operatively connected to a central computer or series of computers, and images captured by the cameras are transmitted to the central computer. After initially registering with the central computer, Guardians “log on” to a central website hosted by the central computer and monitor the images, thereby earning compensation. Site owners compensate the operator of the computer system for this monitoring service, and the operator in turn compensates Guardians based on, for example, (i) the amount of time spent monitoring, and/or (ii) the degree of a given Guardian's responsiveness to real or fabricated security breaches. Type: Application Filed: December 31, 2012 Publication date: June 6, 2013 Inventors: Daniel E. Tedesco, James A. Jorasch, Geoffrey M. Gelman, Jay S. Walker, Stephen S. Tulley, Vincent M., Dean P. Alderucci
-
Patent number: 8458786 Abstract: Systems, methods and apparatus for tunneling in a cloud based security system. In an aspect, tunnel session data describing authentication and unauthenticated sessions, and location data describing tunnel identifiers for tunnels, locations, and security policies specific to the locations are accessed. Tunnel packets are received, and for each tunnel packet it is determined, from the tunnel identifier associated with the packet, whether a session entry in the session data exists for the tunnel identified by the tunnel identifier. In response to determining that a session entry does not exist in the session data, then a session entry is created for the tunnel identifier, an authentication process to determine a location to be associated with the session entry is performed, and an entry in the location data for the location is associated with the session entry. Type: Grant Filed: August 13, 2010 Date of Patent: June 4, 2013 Assignee: Zscaler, Inc. Inventors: Kailash Kailash, Jose Raphel, Srikanth Devarajan
-
Patent number: 8458455 Abstract: A method for replacing a current security certificate includes producing a security certificate request at a first device that includes a request for a replacement security certificate. The method additionally includes sending the security certificate request to a security certificate vendor and receiving a replacement security certificate from the security certificate vendor. The method further includes installing the replacement security certificate within a verification layer of the client device and transmitting the replacement security certificate to the server. The method additionally includes verifying that the server has installed the replacement security certificate, wherein the verification further verifies that the replacement security certificate enables encrypted communication between the client device and the server. Type: Grant Filed: October 10, 2006 Date of Patent: June 4, 2013 Assignee: International Business Machines Corporation Inventors: Gary D. Anderson, Ajay K. Mahajan, Hemlata N. Reddy, Frank Scholz
-
Patent number: 8458279 Abstract: An Authorization, Authentication and Accounting (AAA) server acting as a first Extensible Authentication Protocol (EAP) peer advertises the availability of notifications, and this advertisement may be received and interpreted by a mobile station acting as a second EAP peer. Upon being informed of the availability of the notification message, the mobile station may take action in order to receive the notification message from the AAA server. Alternatively, the mobile station may be able to identify the notification message by analyzing the advertisement. If the contents of the notification message comprise a control message, the mobile station may act on the control message in a way that influences the mobile station's behavior. Type: Grant Filed: May 14, 2010 Date of Patent: June 4, 2013 Assignee: Research In Motion Limited Inventors: Michael Peter Montemurro, Stephen McCann
-
Patent number: 8458777 Abstract: Embodiments of the present invention provide systems, methods, and computer-readable media for granting access to a component of a computing device in response to receiving input based on a presentation of a plurality of object coordinates on a screen of a remote device. An arrangement of objects that are referenced by a coordinate system are identified. A plurality of object coordinates of the arrangement of objects is provided to the remote device. Input is received that is based on the plurality of object coordinates. When the input provided is accurate based on the arrangement of objects, access is granted to the component of the computing device. Type: Grant Filed: June 3, 2010 Date of Patent: June 4, 2013 Assignee: Sprint Communications Company L.P. Inventors: Paul Wesley Taylor, Joseph Edward Trawicki, Jr.
-
Patent number: 8458763 Abstract: A computer-implemented method of enabling security in network resources provisioned as part of a service landscape instance is provided. The method includes initiating an orchestration process for creating a landscape service instance to provide services to a service subscriber over a data communications network. The method further includes deriving from the orchestration process at least one parameter, and generating at least one security configuration profile based upon the at least one parameter for at least one system of the landscape service instance. Type: Grant Filed: July 1, 2008 Date of Patent: June 4, 2013 Assignee: International Business Machines Corporation Inventors: Sivaram Gottimukkala, Lap Huynh, Dinakaran Joseph, Michael Law, Linwood Overby, Jr., Wesley Devine, Michael Behrendt, Gerd Breiter
-
Patent number: 8458779 Abstract: A system, method, and client registration and verification device for handling personal identification information. The client device collects from an individual, a sufficient amount of biometric information to uniquely identify the individual, as well as historical mobility information providing a history of locations where the individual has lived. A caching manager stores the collected biometric information at a selected cache node in a hierarchical database having a plurality of cache nodes at multiple levels of the database. The caching manager selects the cache node based on the historical mobility information collected from the individual. The client device sends subsequent requests to verify the identity of the individual to a local cache node where newly input biometric information is compared with the cached information. Type: Grant Filed: June 21, 2010 Date of Patent: June 4, 2013 Assignee: Telefonaktiebolaget L M Ericsson (publ) Inventors: Eric Lee Valentine, Inayat Syed